fix for use-after-free problem in 10.x

2016-10-04 Thread Julian Elischer
In 11 and 12 the taskqueue code has been rewritten in this area but 
under 10 this bug still occurs.


On our appliances this bug stops the system from mounting the ZFS 
root, so it is quite severe.
Basically while the thread is sleeping during the ZFS mount of root 
(in the while loop), another thread can free the 'task' item it is 
checking in that while loop and it can be reused or filled with 
'deadcode' etc., with the waiting code unaware of the change. The fix 
is to refetch the item at the end of the queue each time around the loop.
I don't really want to do the bigger change of MFCing the change in 
11, as it is more extensive, though if someone else does, that's ok by 
me. (If it's ABI compatible)


Any comments or suggestions?

here's the fix in diff form:


[robot@porridge /usr/src]$ p4 diff -du ...
--- //depot/pbranches/jelischer/FreeBSD-PZ/10.3/sys/kern/subr_taskqueue.c   
2016-09-27 09:14:59.0 -0700
+++ /usr/src/sys/kern/subr_taskqueue.c  2016-09-27 09:14:59.0 -0700
@@ -441,9 +441,10 @@

TQ_LOCK(queue);
task = STAILQ_LAST(>tq_queue, task, ta_link);
-   if (task != NULL)
-   while (task->ta_pending != 0)
-   TQ_SLEEP(queue, task, >tq_mutex, PWAIT, "-", 0);
+   while (task != NULL && task->ta_pending != 0) {
+   TQ_SLEEP(queue, task, >tq_mutex, PWAIT, "-", 0);
+   task = STAILQ_LAST(>tq_queue, task, ta_link);
+   }
taskqueue_drain_running(queue);
KASSERT(STAILQ_EMPTY(>tq_queue),
("taskqueue queue is not empty after draining"));
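Review bot: The refetch added as the last statement of the new loop body (`task = STAILQ_LAST(...)` right after `TQ_SLEEP`) has no comment saying why it is there, and without one a later cleanup could hoist it back out of the loop and reintroduce the stale pointer. Suggest a short comment above the `while` stating that the queue mutex is released during TQ_SLEEP, that the task may be freed or reused by the time the sleep returns, and that the pointer must therefore not be carried across it. Separately, `task` is still passed as the second argument to TQ_SLEEP, so the loop relies on a wakeup being issued on that exact address before the task goes away; it would be worth saying in the same comment which path guarantees that.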

___
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
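
The stale-pointer pattern described in the first message above, shown as an added single-threaded userland model; it is not FreeBSD code and not part of the original post. All names are hypothetical, `sleep_unlocked()` stands in for what another thread does while the waiter sleeps, and the 0xdeadc0de fill is an assumed stand-in for the 'deadcode' pattern the message mentions.

```c
#include <stddef.h>

/* Constructed userland model; every name here is hypothetical. */
#define POISON 0xdeadc0deu          /* written into "freed" tasks */
#define NTASK  3
struct task { unsigned ta_pending; struct task *next; };
struct tq   { struct task *head; struct task pool[NTASK]; };

void tq_fill(struct tq *q) {        /* queue NTASK pending tasks */
    for (int i = 0; i < NTASK; i++)
        q->pool[i] = (struct task){ 1, i + 1 < NTASK ? &q->pool[i + 1] : NULL };
    q->head = q->pool;
}
struct task *tq_last(struct tq *q) {
    struct task *t = q->head;
    while (t != NULL && t->next != NULL) t = t->next;
    return t;
}
/* Models the sleep: another thread runs the head task, unlinks and frees it. */
void sleep_unlocked(struct tq *q) {
    struct task *t = q->head;
    if (t == NULL) return;
    q->head = t->next;
    *t = (struct task){ POISON, NULL };   /* "freed": slot is poisoned */
}

/* Pre-fix shape: pointer fetched once. Returns 1 if a freed task was read. */
int drain_stale(struct tq *q, int max_sleeps) {
    struct task *task = tq_last(q);
    while (task != NULL && task->ta_pending != 0 && max_sleeps-- > 0) {
        sleep_unlocked(q);
        if (task->ta_pending == POISON) return 1;  /* waiter sees garbage */
    }
    return 0;
}
/* Post-fix shape: refetch after every sleep. Returns the number of sleeps. */
int drain_refetch(struct tq *q, int max_sleeps) {
    struct task *task = tq_last(q);
    int sleeps = 0;
    while (task != NULL && task->ta_pending != 0 && sleeps < max_sleeps) {
        sleep_unlocked(q);
        sleeps++;
        task = tq_last(q);          /* never carry the pointer across a sleep */
    }
    return sleeps;
}

int main(void) {
    struct tq q;
    tq_fill(&q); int stale = drain_stale(&q, 10);
    tq_fill(&q); int fixed = drain_refetch(&q, 10);
    return !(stale == 1 && fixed == NTASK);
}
```

In the stale variant the poisoned `ta_pending` is non-zero, so without the iteration bound the waiter would keep sleeping on a task nobody will ever wake.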


HEADS UP: Do not upgrade EC2 instances from 10.x to 11.x yet

2016-10-04 Thread Colin Percival
[Apologies if anyone gets this twice; the first copy I sent seems to have
been eaten by a mail server somewhere.]

We've identified a bug in the loader(8) in 11.0-RELEASE (to be precise,
FreeBSD 11 after April 6th) which results in it attempting to read past
the end of the disk if the last partition is not aligned to a 4k boundary.
On most (maybe all) physical hardware this results in significant delays
to the boot while the spurious I/O fails; in Amazon EC2, this results in
the instance hanging permanently.

Most systems do not have such misaligned partitions, but the FreeBSD 10.x
images in EC2 do, and will consequently hang on reboot if you upgrade them
to 11.0 (or to 12-current, for that matter).  I recommend not doing this.
The AMIs which have been built for FreeBSD 11.0 have properly aligned
partitions, and are not affected by this bug, so (once the release is out!)
you'll still be able to get FreeBSD 11.0 by launching new EC2 instances.

I imagine that this will be fixed with an errata notice shortly after the
release, after which point it will be safe to upgrade (since you'll end
up with the fixed loader), but as always that will ultimately be up to the
release engineering team.

Thanks to Peter Ankerstål, Allan Jude, Warner Losh, and Glen Barber for
their help in tracking down this problem.

-- 
Colin Percival
Security Officer Emeritus, FreeBSD | The power to serve
Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid

Re: FreeBSD 11.0-stable buildworld failured, maybe it's broken by r305866

2016-10-04 Thread k simon

P.S. It's quite an old machine; it has no HPET device.



Simon
20161004




FreeBSD 11.0-stable buildworld failured, maybe it's broken by r305866

2016-10-04 Thread k simon

Hi, Lists,

   This is full source based "make buildworld" failure to r306669.


clang  -O2 -pipe -fno-omit-frame-pointer -march=core2 
-I/usr/src/lib/libc/include -I/usr/src/lib/libc/../../include 
-I/usr/src/lib/libc/amd64 -DNLS  -D__DBINTERFACE_PRIVATE 
-I/usr/src/lib/libc/../../contrib/gdtoa 
-I/usr/src/lib/libc/../../contrib/libc-vis -DINET6 
-I/usr/obj/usr/src/lib/libc -I/usr/src/lib/libc/resolv -D_ACL_PRIVATE 
-DPOSIX_MISTAKE -I/usr/src/lib/libc/../libmd 
-I/usr/src/lib/libc/../../contrib/jemalloc/include -DMALLOC_PRODUCTION 
-I/usr/src/lib/libc/../../contrib/tzcode/stdtime 
-I/usr/src/lib/libc/stdtime -I/usr/src/lib/libc/locale -DBROKEN_DES 
-DPORTMAP -DDES_BUILTIN -I/usr/src/lib/libc/rpc -DYP -DNS_CACHING 
-DSYMBOL_VERSIONING -MD  -MF.depend.__vdso_gettimeofday.o 
-MT__vdso_gettimeofday.o -std=gnu99 -fstack-protector-strong 
-Wsystem-headers -Werror -Wall -Wno-format-y2k -Wno-uninitialized 
-Wno-pointer-sign -Wno-empty-body -Wno-string-plus-int 
-Wno-unused-const-variable -Wno-tautological-compare -Wno-unused-value 
-Wno-parentheses-equality -Wno-unused-function -Wno-enum-conversion 
-Wno-unused-local-typedef -Wno-switch -Wno-switch-enum 
-Wno-knr-promoted-parameter  -Qunused-arguments  -I/usr/src/lib/libutil 
-I/usr/src/lib/msun/amd64 -I/usr/src/lib/msun/x86 
-I/usr/src/lib/msun/src -c /usr/src/lib/libc/sys/__vdso_gettimeofday.c 
-o __vdso_gettimeofday.o
/usr/src/lib/libc/sys/__vdso_gettimeofday.c:43:27: error: too many 
arguments to function call, expected single argument 'vdso_th', have 2 
arguments

error = __vdso_gettc(th, );
 ^~~
/usr/include/sys/vdso.h:65:1: note: '__vdso_gettc' declared here
u_int __vdso_gettc(const struct vdso_timehands *vdso_th);
^
1 error generated.
*** Error code 1

Stop.
make[4]: stopped in /usr/src/lib/libc
*** Error code 1



 Maybe it's broken by r305866.




Simon
20161004


Re: Reproducible panic - Going nowhere without my init!

2016-10-04 Thread Konstantin Belousov
On Tue, Oct 04, 2016 at 11:14:38AM +1000, Andy Farkas wrote:
> Is it just me or
> 
> Step 1: boot
> Step 2: login as root
> Step 3: type "w" *
> Step 4: type "shutdown now; logout"
> Step 5: press  at the 'Enter full pathname of shell or RETURN for
> /bin/sh:' prompt
> Step 6: type "reboot"
> Step 7: get a Panic: "Going nowhere without my init!"
This means that init process (pid 1) exited for some reason.  Show
exact console log of the events.

> 
> * The panic will not happen if you skip step 3.
> 
> The panic will not happen if you type "sync; sync; sync" after step 5.
> 
> The panic will not happen if you wait (an unknown amount of) some time
> after step 5.
> 
> # uname -a
> FreeBSD deepthink 11.0-PRERELEASE FreeBSD 11.0-PRERELEASE #6 r306656: Tue
> Oct  4 09:03:05 AEST 2016 root@deepthink:/usr/obj/usr/src/sys/GENERIC  amd64
> 
> -andyf
> 
> ps. apologies, forced to send from a gmail account.
> reply-to: an...@andyit.com.au


Re: Regression with revision 303970 (was kern.proc.pathname failure while booting from zfs)

2016-10-04 Thread Andriy Gapon

I've written a patch that implements zfs_vptocnp() using z_parent property.
The new code should be 100% reliable for directories and "mostly" reliable for
files (that is, when hardlinks across directories are not used).

Could you please review / test it?
https://reviews.freebsd.org/D8146

Thanks!
-- 
Andriy Gapon


IPFW+ Dummynet on Windows 10

2016-10-04 Thread Kulamani Sethi
Hi,
I'm lucky to find your contact information for FreeBSD-STABLE.

I am developing a small application using IPFW+Dummynet (ipfw3) on a
Windows 7 x64 machine, but when I try to test it on Windows 10 I am
unable to add the Service in Network Settings.

It seems ipfw3 is not supported on Windows 10.

I also checked here: ipfw precompiled modules are available up to
Windows 7 64-bit. No more updates after 2010.


Note: I have done kernel mode code signing over IPFW driver.

Please help us in fixing the issue.

*With best Regards,*

Kulamani Sethi,
India